Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/fmKW3-hNl2IbOMqH8ah38Oxg0CU.roa
File:                     fmKW3-hNl2IbOMqH8ah38Oxg0CU.roa (raw, json)
Hash identifier:          IKLYS5pe7d2EJnb2YdlYnd8BezIBWOETQw4swzk1DTM=
Subject key identifier:   7E:62:96:DF:E8:4D:97:62:1B:38:CA:87:F1:A8:77:F0:EC:60:D0:25
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D684A80C1C50B70BB245DBBCFBEC79C85
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/fmKW3-hNl2IbOMqH8ah38Oxg0CU.roa
Signing time:             Tue 07 Apr 2026 14:13:26 +0000
ROA not before:           Tue 07 Apr 2026 14:13:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35594
IP address blocks:        212.60.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 00:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:4a:80:c1:c5:0b:70:bb:24:5d:bb:cf:be:c7:9c:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  7 14:13:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e6296dfe84d97621b38ca87f1a877f0ec60d025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c2:b0:78:28:97:e9:1a:17:e3:43:eb:01:a1:
                    d8:2b:8d:d3:06:a1:67:82:a4:cf:97:28:f2:f2:fd:
                    52:a3:98:41:40:71:25:40:45:04:20:ac:8c:0f:f6:
                    fb:1c:67:7a:75:c4:3d:7a:2d:9f:59:cd:8f:2a:32:
                    3b:77:6b:83:de:a8:f4:61:9a:49:30:5a:a0:22:a2:
                    2c:ab:c6:a0:c9:ce:6e:e6:0f:fb:b1:94:cc:41:bc:
                    9f:f6:a6:08:d4:21:f8:28:78:ff:4d:6f:58:8d:3a:
                    0c:b3:a6:df:7d:f3:41:d0:26:37:21:be:5e:fd:d2:
                    55:4e:7a:cf:29:7f:67:1a:09:82:d8:11:50:47:4f:
                    57:b7:d6:75:74:d5:24:1f:16:de:be:70:38:37:91:
                    12:c3:03:f7:31:75:23:5c:f8:d7:f8:74:da:90:c9:
                    2c:1d:e1:b4:28:04:dd:29:13:ff:6e:c1:3a:a1:dd:
                    49:38:cb:15:bb:03:11:76:d9:db:51:80:ef:9e:b0:
                    12:c8:49:da:02:3f:d6:21:12:36:19:f7:fa:0f:31:
                    8b:65:b5:a8:6e:f0:cc:7a:e0:16:d6:e0:06:c1:38:
                    b2:a0:cd:e5:32:73:54:67:dc:8f:d6:6d:d1:78:fd:
                    46:d5:80:1a:48:b2:70:b4:f4:0e:fa:3d:41:f3:88:
                    81:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:62:96:DF:E8:4D:97:62:1B:38:CA:87:F1:A8:77:F0:EC:60:D0:25
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/fmKW3-hNl2IbOMqH8ah38Oxg0CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:6b:59:fa:f5:eb:e0:5e:a0:4e:88:de:ca:af:a0:62:19:5f:
         26:66:83:68:03:82:c2:cc:56:5e:d9:0e:ab:d9:19:8a:8d:52:
         4e:4a:1a:17:c2:2f:85:76:27:35:74:73:fd:b6:75:76:e1:b1:
         51:c1:a9:57:49:41:7d:fa:c1:77:70:e7:33:a5:a4:ba:f5:da:
         57:35:dc:5c:f3:ea:da:41:32:f3:02:34:4b:44:c0:4a:93:1d:
         8b:ff:e4:d9:aa:9a:3d:b3:77:91:d7:9e:73:52:f9:2f:04:01:
         60:bc:12:8a:76:b0:a6:c3:6e:71:dd:06:71:89:aa:57:4e:5a:
         88:f2:19:eb:63:45:aa:7f:18:32:10:b6:bb:e6:4f:24:53:fc:
         ec:f9:9c:78:40:b2:8b:c5:3d:ea:8a:4f:db:a4:35:3b:75:35:
         a2:78:91:58:b2:81:14:3b:c1:eb:2c:28:77:bc:1d:d4:bc:56:
         fb:15:01:2d:03:c6:89:8b:0d:ca:73:80:dd:61:62:25:4f:cf:
         3d:53:ef:e7:5c:36:b1:9b:a6:80:04:c5:1a:87:7b:5f:45:07:
         91:c4:30:fb:6f:e1:f4:d3:1e:1c:59:df:58:5e:b9:92:e8:e6:
         da:ca:71:e7:28:ab:59:ab:73:16:4f:0a:0b:6d:ca:85:47:d8:
         3f:6e:c5:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1oSoDBxQtwuyRdu8++x5yFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDA3MTQxMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTYyOTZkZmU4NGQ5NzYyMWIzOGNhODdmMWE4NzdmMGVjNjBkMDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcKweCiX6RoX40PrAaHYK43TBqFn
gqTPlyjy8v1So5hBQHElQEUEIKyMD/b7HGd6dcQ9ei2fWc2PKjI7d2uD3qj0YZpJ
MFqgIqIsq8agyc5u5g/7sZTMQbyf9qYI1CH4KHj/TW9YjToMs6bfffNB0CY3Ib5e
/dJVTnrPKX9nGgmC2BFQR09Xt9Z1dNUkHxbevnA4N5ESwwP3MXUjXPjX+HTakMks
HeG0KATdKRP/bsE6od1JOMsVuwMRdtnbUYDvnrASyEnaAj/WIRI2Gff6DzGLZbWo
bvDMeuAW1uAGwTiyoM3lMnNUZ9yP1m3ReP1G1YAaSLJwtPQO+j1B84iBqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5ilt/oTZdiGzjKh/God/DsYNAlMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvZm1LVzMtaE5sMkliT01xSDhhaDM4T3hnMENVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DwEMA0G
CSqGSIb3DQEBCwUAA4IBAQCBa1n69evgXqBOiN7Kr6BiGV8mZoNoA4LCzFZe2Q6r
2RmKjVJOShoXwi+Fdic1dHP9tnV24bFRwalXSUF9+sF3cOczpaS69dpXNdxc8+ra
QTLzAjRLRMBKkx2L/+TZqpo9s3eR155zUvkvBAFgvBKKdrCmw25x3QZxiapXTlqI
8hnrY0WqfxgyELa75k8kU/zs+Zx4QLKLxT3qik/bpDU7dTWieJFYsoEUO8HrLCh3
vB3UvFb7FQEtA8aJiw3Kc4DdYWIlT889U+/nXDaxm6aABMUah3tfRQeRxDD7b+H0
0x4cWd9YXrmS6ObaynHnKKtZq3MWTwoLbcqFR9g/bsWj
-----END CERTIFICATE-----